Win10 NFS Client a SAMBA Killer?

We finally got the last of our recalcitrant Windows 7 users to Windows 10 thanks to MS' recent withdrawal of support from the former, so the entire enterprise now is either Ubuntu 18.04 or Windows 10.

Because Windows 10 has a NFS client, the question now is whether to ditch SAMBA in favor of NFS.

Specifically, does any reason exist to retain SAMBA now that all our Windows clients support NFS?

Not sure from the information the OP provided, but I wonder if the advanced SMB3.0 features matter if they are running Samba on a Linux box, or some other non-Microsoft SMB implementation.

Samba supports both SMB Multichannel & SMB Direct just fine. samba.org/~metze/presentations/2018/SDC/…

That's...not how NFS works at all.

(Maybe you're thinking of iSCSI, or of "pNFS Volume Layout", which is an addon feature for block-device sharing?)

This is somewhat mangled, but it's true that NFS authentication is extremely poor and you can just impersonate UIDs.

@pjc50 Only if the NFS server is using AUTH_SYS authentication. And anyone who already has root/admin privileges and the knowledge to get inside their system and spoof UIDs/GIDs over NFS likely has the ability to do the same to SMB, too. And hack your entire system anyway.

@Zoredache By now, I think the Samba developers could very well understand SMB/CIFS better than Microsoft.

@AndrewHenle : root may be unnecessary. "hackers" ... "who attacked Unix systems in (say) 1995 had a copy of NFS shell." "a user can then mount any exported filesystems, performing arbitrary filesystem operations as any non-root user, assuming they are on a host in the server's export list. Such access will commonly result in the user obtaining root privileges." "userland code was sufficient for authentication. And the mountd returned the root handle of the file system. When you presented that handle to nfsd it would happily serve you even when you are no longer in the exports table."

@TOOGAM who attacked Unix systems in (say) 1995 So hacks against Windows 95 are valid arguments against Windows implementations today?

in 1987, it was common knowledge among the engineers at Sun that NFS stood for "No File Security" That's literally 33 years ago. -1.

@AndrewHenle Yes. If there is a protocol that is known for having a ton of vulnerabilities, I would want to know that the protocol has removed such design flaws. At which point, it is essentially a new protocol. Otherwise, you may be relying on various workarounds that people try to tack on to secure things better, but who knows when an update or a different implementation will fail to implement those same workarounds, or when another issue arises because of the initially insecure design. Besides, I essentially wasn't promoting absolute final conclusions, just considerations to keep in mind.

(The reason why Sun was so significant is that Sun invented NFS.)

SMB/CIFS didn't introduce any encryption until 3.0 - in 2012. NFS had full end-to-end encryption available in NFSv4 in 2000. So your "If you mount your filesystems over the Internet, the transferred files can be interfered and even tampered with at any time" quote applied to SMB a lot longer than it applied to NFS.

@AndrewHenle : This has just been getting further and further from the answer's focus. May ongoing discussion commence in our chat room.

@AndrewHenle sure, I guess I am just used to using the more 'enterprisy' Linux distros like Centos/Debian and it often feels like there is an extremely long lag time between new functionality in Windows, and it being available in the stable Linux release for 'production' usage, and not just in some upstream dev repo. From what I see it looks like Debian only had the full functionality in Buster(~2017)?

@Zoredache: Debian did take a while to bring Samba up to date, but before that, I believe you could get Samba packages from Sernet if you wanted commercial support. (Meanwhile I built from sources for my home lab AD...)